package com.action.user;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.config.SystemGlobals;
import com.sql.DBFactory;
import com.util.MD5;

public class ManageAdmin extends HttpServlet {
	
	private static final long serialVersionUID = 1L;
	
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String contentType = SystemGlobals.getValue("contentType");
		PrintWriter out = response.getWriter();
		response.setContentType(contentType);
		MD5 md5 = new MD5();
		String GroupNo = request.getParameter("groupno");
		String AdminName = request.getParameter("adminname");
		String AdminPassword = request.getParameter("password");
		String Memo = request.getParameter("adminmemo");
		Connection conn = null;
		Statement stmt = null;
		ResultSet rs = null;
		PreparedStatement pstmt = null;
		String sql = null;

		if (request.getParameter("add") != null) {
			try {
				conn = DBFactory.getConnection();
				stmt = conn.createStatement();
				sql = "select * from admin where admin_name ='" + AdminName
						+ "'";
				rs = stmt.executeQuery(sql);
				if (rs.next()) {
					out
							.print("<script>alert(\"已存在此管理员ID\");window.location='admin/manager/adminlist.jsp';</script>");
				} else {
					int max = 0;
					String de_password = md5.getMD5ofStr(AdminPassword);
					sql = "select max(admin_id) as max from admin";
					rs = stmt.executeQuery(sql);
					if (rs.next()) {
						max = rs.getInt("max") + 1;
					}
					String insertsql = "insert into admin(admin_id,admin_name,admin_password,group_no,admin_memo)values(?,?,?,?,?)";
					pstmt = conn.prepareStatement(insertsql);
					pstmt.setString(1, Integer.toString(max));
					pstmt.setString(2, AdminName);
					pstmt.setString(3, de_password);
					pstmt.setString(4, GroupNo);
					pstmt.setString(5, Memo);
					pstmt.executeUpdate();
					out
							.print("<script>alert(\"添加管理员成功\");window.location=\"admin/manager/adminlist.jsp\";</script>");
					out.close();
				}
			} catch (Exception e) {
				out.print(e.getMessage());
			} finally {
				try {
					rs.close();
					pstmt.close();
					conn.close();
				} catch (Exception e) {
				}
			}
		}

		if (request.getParameter("edit") != null) {
			String en_password;
			String AdminNo = request.getParameter("id");
			try {
				if (AdminPassword.equals("")) {
					en_password = request.getParameter("pw");
				} else {
					en_password = md5.getMD5ofStr(AdminPassword);
				}
				sql = "update admin set admin_password=?,group_no=?,admin_memo=? where admin_id=?";
				conn = DBFactory.getConnection();
				pstmt = conn.prepareStatement(sql);
				pstmt.setString(1, en_password);
				pstmt.setString(2, GroupNo);
				pstmt.setString(3, Memo);
				pstmt.setString(4, AdminNo);
				pstmt.executeUpdate();
				out
						.print("<script>alert(\"编辑管理员成功\");window.location=\"admin/manager/adminlist.jsp\";</script>");
				out.close();
			} catch (Exception e) {
				out.print(e.getMessage() + " the update sql:" + sql);
			} finally {
				try {
					pstmt.close();
					conn.close();
				} catch (Exception e) {
				}
			}
		}
		if (request.getParameter("deleted") != null) {
			String AdminNos[] = request.getParameterValues("deleted");
			sql = "delete from admin where admin_id=?";
			try {
				conn = DBFactory.getConnection();
				for (int i = 0; i < AdminNos.length; i++) {
					pstmt = conn.prepareStatement(sql);
					pstmt.setString(1, AdminNos[i]);
					pstmt.executeUpdate();
				}

				out
						.print("<script>alert(\"删除选定的管理员成功\");window.location=\"admin/manager/adminlist.jsp\";</script>");
				out.close();
			} catch (Exception e) {
				out.print(e.getMessage());
			} finally {
				try {
					pstmt.close();
					conn.close();
				} catch (Exception e) {
				}
			}
		}
	}
}
